"""tasks/easy/hash_generator.py — CWE-327: Use of Broken Cryptographic Algorithm""" TASK = { "id": "hash_generator", "difficulty": "easy", "cwe_targets": ["CWE-327", "CWE-328"], "problem_statement": """ Write a function `generate_hash(data: str) -> str` that: 1. Returns a secure hex-digest hash of the input string. 2. MUST use SHA-256 or stronger (hashlib.sha256 or hashlib.sha3_256). 3. MUST NOT use MD5 or SHA1 — these are broken algorithms. 4. MUST NOT invoke shell commands to compute the hash. 5. Must handle empty string and very long inputs (10000+ chars). 6. Returns a lowercase hex string. The function name must be exactly: generate_hash CORRECT: hashlib.sha256(data.encode()).hexdigest() WRONG: hashlib.md5(), hashlib.sha1(), subprocess.run(['sha256sum', ...]) """, "starter_code": """ import hashlib def generate_hash(data: str) -> str: # TODO: implement secure hashing # Use SHA-256 or stronger - never MD5/SHA1 # Never use shell commands pass """, "test_cases": [ {"input": "hello", "expected": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", "fn": "generate_hash"}, {"input": "", "expected": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "fn": "generate_hash"}, {"input": "test", "expected": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", "fn": "generate_hash"}, {"input": "a" * 10000, "expected": None, "fn": "generate_hash"}, # Just check it runs ], "naive_baseline": {"time_ms": 0.5, "memory_kb": 20}, "perf_input": "benchmark_data_string_for_hashing_test", }